CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2010-4176 plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from t... | N/A | NONE | — | 0 |
| CVE-2010-4179 The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for ... | N/A | NONE | — | 0 |
| CVE-2010-4480 error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as dem... | N/A | NONE | — | 0 |
| CVE-2010-4500 Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, ... | N/A | NONE | — | 0 |
| CVE-2010-2793 Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and co... | N/A | NONE | — | 0 |
| CVE-2010-3372 Untrusted search path vulnerability in NorduGrid Advanced Resource Connector (ARC) before 0.8.3 allows local users to gain privileges via vectors related to the LD_LIBRARY_PATH environment variable. ... | N/A | NONE | — | 0 |
| CVE-2010-4108 HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support threaded processes, which allows remote authenticated users to cause a denial of service via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2010-4109 Cross-site scripting (XSS) vulnerability in the Contacts Application in HP Palm webOS before 2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted vCard file. | N/A | NONE | — | 0 |
| CVE-2010-3699 The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes... | N/A | NONE | — | 0 |
| CVE-2010-3860 IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive inform... | N/A | NONE | — | 0 |
| CVE-2010-3920 The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, set weak permissions for the "C:\Program... | N/A | NONE | — | 0 |
| CVE-2010-4012 Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pres... | N/A | NONE | — | 0 |
| CVE-2010-4502 Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite Plus 2010 allows local users to cause a denial of service (pool corruption) and execute arbitrary code via crafted arguments to th... | N/A | NONE | — | 0 |
| CVE-2010-4503 SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in an export action. | N/A | NONE | — | 0 |
| CVE-2010-4504 Multiple cross-site scripting (XSS) vulnerabilities in eSyndiCat Directory 2.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter to (1) suggest-category.php and (2)... | N/A | NONE | — | 0 |
| CVE-2010-4505 Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) un and (2) pw parameters. | N/A | NONE | — | 0 |
| CVE-2009-5021 Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password. | N/A | NONE | — | 0 |
| CVE-2010-0530 Apple QuickTime before 7.6.9 on Windows sets weak permissions for the Apple Computer directory in the profile of a user account, which allows local users to obtain sensitive information by reading fil... | N/A | NONE | — | 0 |
| CVE-2010-1508 Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Track Header (aka t... | N/A | NONE | — | 0 |
| CVE-2010-2235 template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contai... | N/A | NONE | — | 0 |
| CVE-2010-3800 Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file. | N/A | NONE | — | 0 |
| CVE-2010-3802 Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama... | N/A | NONE | — | 0 |
| CVE-2010-3921 Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2010-3922 SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2010-4009 Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | N/A | NONE | — | 0 |
| CVE-2010-4508 The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inhere... | N/A | NONE | — | 0 |
| CVE-2010-4511 Unspecified vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 has unknown impact and attack vectors related to the "dynamic publishing error message." | N/A | NONE | — | 0 |
| CVE-2010-4512 Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories. | N/A | NONE | — | 0 |
| CVE-2010-4513 Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter in a load action ... | N/A | NONE | — | 0 |
| CVE-2010-4514 Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter. ... | N/A | NONE | — | 0 |
| CVE-2010-4515 Cross-site scripting (XSS) vulnerability in Citrix Web Interface 5.0, 5.1, and 5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability tha... | N/A | NONE | — | 0 |
| CVE-2010-4516 Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Comments component before 1.3.1 for Joomla allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2010-4517 SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char... | N/A | NONE | — | 0 |
| CVE-2010-4518 Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 p... | N/A | NONE | — | 0 |
| CVE-2010-3766 Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via vectors involving a change to ... | N/A | NONE | — | 0 |
| CVE-2010-3767 Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via a JavaScript ar... | N/A | NONE | — | 0 |
| CVE-2010-3768 Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an op... | N/A | NONE | — | 0 |
| CVE-2010-3769 The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly ha... | N/A | NONE | — | 0 |
| CVE-2010-3770 Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbi... | N/A | NONE | — | 0 |
| CVE-2010-3771 Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle injection of an ISINDEX element into an about:blank page, which allows remote attackers to ... | N/A | NONE | — | 0 |
| CVE-2010-3772 Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly calculate index values for certain child content in a XUL tree, which allows remote attackers to e... | N/A | NONE | — | 0 |
| CVE-2010-3773 Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XM... | N/A | NONE | — | 0 |
| CVE-2010-3774 The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle (1) about:neterro... | N/A | NONE | — | 0 |
| CVE-2010-3775 Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote... | N/A | NONE | — | 0 |
| CVE-2010-3776 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow... | N/A | NONE | — | 0 |
| CVE-2010-3777 Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or po... | N/A | NONE | — | 0 |
| CVE-2010-3778 Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and app... | N/A | NONE | — | 0 |
| CVE-2010-3861 The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize a certain block of heap memory, which allows local users to obtain potentially sensitive info... | N/A | NONE | — | 0 |
| CVE-2010-3880 net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIA... | N/A | NONE | — | 0 |
| CVE-2010-3918 Fenrir Sleipnir 2.9.6 and earlier does not prevent interaction between web script and the clipboard, which allows remote attackers to read or modify the clipboard contents via a crafted web site. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.